Snort mailing list archives
Re: PulledPork Stop working
From: Shirkdog <shirkdog () gmail com>
Date: Tue, 1 Dec 2015 19:42:22 -0500
Without the version provided for Snort, pulledpork will detect the Snort version based on the binary.

On Dec 1, 2015 7:36 PM, "Rafael Leiva-Ochoa" <spawn () rloteck net> wrote:

Thanks, that's what I thought, but was not 100%. Why would pulledpork be pulling that?

On Tuesday, December 1, 2015, Joel Esler (jesler) <jesler () cisco com> wrote:

As mentioned earlier in another thread the ruleset for 2980 is not out yet (should be out probably Thursday); 2976's rules work fine.

--
Joel Esler
Manager, Talos Group

On Dec 1, 2015, at 5:37 PM, Rafael Leiva-Ochoa <spawn () rloteck net> wrote:

Hi All,

I am getting the following error with pulledpork:

Last login: Tue Dec 1 14:14:43 2015 from 172.16.1.39
[root@snort-sensor1 ~]# pulledpork.pl -vv -c /etc/snort/pulledpork.conf -l

https://github.com/shirkdog/pulledpork
PulledPork v0.7.2 - E.Coli in your water bottle!
Copyright (C) 2009-2015 JJ Cummings
cummingsj () gmail com
Rules give me wings!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config File Variable Debug /etc/snort/pulledpork.conf
snort_path = /usr/local/bin/snort
enablesid = /etc/snort/enablesid.conf
black_list = /etc/snort/rules/black_list.rules
modifysid = /etc/snort/modifysid.conf
rule_path = /etc/snort/rules/snort.rules
ignore = deleted.rules,experimental.rules,local.rules
snort_control = /usr/local/bin/snort_control
rule_url = ARRAY(0x16a3220)
sid_msg_version = 1
sid_changelog = /var/log/sid_changes.log
sid_msg = /etc/snort/sid-msg.map
backup_file = /tmp/pp_backup
ips_policy = security
config_path = /etc/snort/snort.conf
temp_path = /tmp
distro = Centos-5-4
version = 0.7.2
sorule_path = /usr/local/lib/snort_dynamicrules/
disablesid = /etc/snort/disablesid.conf
dropsid = /etc/snort/dropsid.conf
local_rules = /etc/snort/rules/local.rules

MISC (CLI and Autovar) Variable Debug:
arch Def is: x86-64
Operating System is: linux
CA Certificate File is: OS Default
Config Path is: /etc/snort/pulledpork.conf
Distro Def is: Centos-5-4
security policy specified
local.rules path is: /etc/snort/rules/local.rules
Rules file is: /etc/snort/rules/snort.rules
Path to disablesid file: /etc/snort/disablesid.conf
Path to dropsid file: /etc/snort/dropsid.conf
Path to enablesid file: /etc/snort/enablesid.conf
Path to modifysid file: /etc/snort/modifysid.conf
sid changes will be logged to: /var/log/sid_changes.log
sid-msg.map Output Path is: /etc/snort/sid-msg.map
Snort Version is: 2.9.8.0
Snort Config File: /etc/snort/snort.conf
Snort Path is: /usr/local/bin/snort
SO Output Path is: /usr/local/lib/snort_dynamicrules/
Will process SO rules
Logging Flag is Set
Extra Verbose Flag is Set
Verbose Flag is Set
File(s) to ignore = deleted.rules,experimental.rules,local.rules
Base URL is:
https://www.snort.org/rules/|snortrules-snapshot.tar.gz|b26b2f91e7f8ac8a3bf091999b07f9a458e39048
https://snort.org/downloads/community/|community-rules.tar.gz|Community
http://talosintel.com/feeds/ip-filter.blf|IPBLACKLIST|open
https://www.snort.org/rules/|opensource.gz|b26b2f91e7f8ac8a3bf091999b07f9a458e39048

Checking latest MD5 for snortrules-snapshot-2980.tar.gz....
Fetching md5sum for: snortrules-snapshot-2980.tar.gz.md5
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2980.tar.gz.md5/b26b2f91e7f8ac8a3bf091999b07f9a458e39048 ==>
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
422 Unprocessable Entity (1s)
Error 422 when fetching https://www.snort.org/rules/snortrules-snapshot-2980.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 516
main::md5file('b26b2f91e7f8ac8a3bf091999b07f9a458e39048', 'snortrules-snapshot-2980.tar.gz', '/tmp/', 'https://www.snort.org/rules/') called at /usr/local/bin/pulledpork.pl line 1937
[root@snort-sensor1 ~]#

I looked at the snort archive, and it was an issue before. Any idea how to fix it?

Thanks,

Rafael

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
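The failure mode in this thread (pulledpork derives the snapshot name, here snortrules-snapshot-2980.tar.gz, from the Snort version it detects, and the md5 fetch returns 422 while that snapshot is not yet published) can be probed before a scheduled run so the job pins a known-good version instead of aborting. This is an added example, not code from the thread or from pulledpork itself; the `snort -V` sample is constructed, the md5 URL shape is copied from the -vv output above, and the oinkcode is a placeholder.

```shell
#!/bin/sh
# Added example: derive the ruleset snapshot tag pulledpork builds from the
# detected Snort version and probe whether that snapshot is published, so a
# cron run can hand pulledpork a pinned version (-S) instead of failing on 422.

# Extract "2.9.8.0" from the version banner printed by `snort -V` (stdin).
snort_version_from_output() {
    sed -n 's/.*Version \([0-9][0-9.]*\)[^0-9.].*/\1/p' | head -n 1
}

# pulledpork drops the dots: "2.9.8.0" -> "2980" (the 2980 in the log above).
snapshot_tag() {
    printf '%s' "$1" | tr -d '.'
}

# Registered-rules md5 URL in the shape shown in the -vv output.
# The oinkcode argument is a placeholder here; never commit a real one.
snapshot_md5_url() {
    printf 'https://www.snort.org/reg-rules/snortrules-snapshot-%s.tar.gz.md5/%s' \
        "$(snapshot_tag "$1")" "$2"
}

# Return 0 when the md5 for that snapshot is served (HTTP 200); a 422 or 404
# means no ruleset exists yet for this Snort build. Requires curl and network.
ruleset_published() {
    code=$(curl -s -o /dev/null -w '%{http_code}' "$(snapshot_md5_url "$1" "$2")")
    [ "$code" = "200" ]
}

# Choose the version to pass to pulledpork: the detected one if its ruleset
# is published, otherwise the pinned fallback (the "2976 works fine" case).
choose_version() {
    detected=$1; fallback=$2; oinkcode=$3
    if ruleset_published "$detected" "$oinkcode"; then
        printf '%s\n' "$detected"
    else
        printf '%s\n' "$fallback"
    fi
}

# Constructed sample of a `snort -V` banner, used only for offline checks.
SAMPLE_SNORT_V='   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.8.0 GRE (Build 229)
   ""    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team'

# Example cron wrapper (network required for the probe):
#   ver=$(snort -V 2>&1 | snort_version_from_output)
#   pulledpork.pl -c /etc/snort/pulledpork.conf \
#       -S "$(choose_version "$ver" 2.9.7.6 "$OINKCODE")"
```

Pinning with -S only matters until Talos publishes the snapshot for the new build; once the probe returns 200 the wrapper falls through to the detected version automatically.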
Current thread:
- PulledPork Stop working Rafael Leiva-Ochoa (Dec 01)
- Re: PulledPork Stop working Joel Esler (jesler) (Dec 01)
- Re: PulledPork Stop working Rafael Leiva-Ochoa (Dec 01)
- Re: PulledPork Stop working Shirkdog (Dec 01)
- Re: PulledPork Stop working Rafael Leiva-Ochoa (Dec 01)
- Re: PulledPork Stop working Rafael Leiva-Ochoa (Dec 01)
- Re: PulledPork Stop working Joel Esler (jesler) (Dec 01)